Lost data leads to apologies to students
The data on students at seven colleges was collected for a survey commissioned by the Scottish Funding Council on how students choose their courses, intended to help improve services to students. The council immediately issued a detailed statement, admitting the mix-up and offering its apologies.
Roger McClure, chief executive of the SFC, said: "I very much regret that this has taken place and offer my personal apologies to the students concerned. We are taking extra steps to prevent such a loss recurring."
The missing forms contain names, addresses, dates of birth, phone numbers, and gender and ethnic backgrounds. But they do not include bank or national insurance details.
Of the 2,200 students who took part in the "Learner Choice" survey between October 1 and December 3 last year, 1,400 forms with personal data are missing. The Edinburgh firm of York Consulting had been contracted to carry out the survey and it then sub-contracted the interviews to Glasgow-based market research company Research Resource.
The research firm dispatched eight boxes with the completed surveys on December 13 by City Link couriers to York Consulting. But only three arrived and efforts to retrieve the remaining five have failed. The SFC was told on January 14. It says 700 survey forms are secure and around 100 did not include any personal data.
The council has written to the students whose data is missing, apologising for the loss, and to those whose details are secure. The students are at Aberdeen, Adam Smith, Anniesland, Barony, Dundee, North Highland and Edinburgh's Telford colleges.
In addition, York Consulting has set up a special phone line for students anxious about the loss of their data - 0131 270 6056.
The funding council has taken a series of further steps to prevent a recurrence, including good practice recommendations in its standard terms and conditions. It has also kept the UK Information Commissioner's office in Scotland fully briefed.
Such contracts from the SFC already contain clear requirements on handling personal information and compliance with the Data Protection Act.